NVD Vulnerability Detail

CVE-2020-16092

Summary	In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
Publication Date	Aug. 12, 2020, 1:15 a.m.
Registration Date	Jan. 26, 2021, 11:53 a.m.
Last Update	Nov. 21, 2024, 2:06 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::			5.0.0

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:15.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html	Mailing List Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2020/08/10/1	Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2020/08/10/1	Mailing List Patch Third Party Advisory
5	https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html	Mailing List Third Party Advisory
6	https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html	Mailing List Third Party Advisory
7	https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html	Mailing List Patch Third Party Advisory
8	https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html	Mailing List Patch Third Party Advisory
9	https://security.gentoo.org/glsa/202208-27	Third Party Advisory
10	https://security.gentoo.org/glsa/202208-27	Third Party Advisory
11	https://security.netapp.com/advisory/ntap-20200821-0006/	Third Party Advisory
12	https://security.netapp.com/advisory/ntap-20200821-0006/	Third Party Advisory
13	https://usn.ubuntu.com/4467-1/	Third Party Advisory
14	https://usn.ubuntu.com/4467-1/	Third Party Advisory
15	https://www.debian.org/security/2020/dsa-4760	Third Party Advisory
16	https://www.debian.org/security/2020/dsa-4760	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-617	到達可能なアサーション	https://cwe.mitre.org/data/definitions/617.html

JVN Vulnerability Information

QEMU における到達可能なアサーションに関する脆弱性

Title	QEMU における到達可能なアサーションに関する脆弱性
Summary	QEMU には、到達可能なアサーションに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 27, 2020, midnight
Registration Date	Oct. 27, 2020, 3:50 p.m.
Last Update	Oct. 27, 2020, 3:50 p.m.

Affected System

Fabrice Bellard

QEMU 5.0.0 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-16092	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16092
National Vulnerability Database (NVD)
2	CVE-2020-16092	https://nvd.nist.gov/vuln/detail/CVE-2020-16092
関連文書
3	CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c	https://www.openwall.com/lists/oss-security/2020/08/10/1

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-617	http://cwe.mitre.org/data/definitions/617.html

ベンダー情報

No	Name	URL
Qemu-devel
1	[PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c	https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html

Change Log

No	Changed Details	Date of change
1	[2020年10月27日] 掲載	Oct. 27, 2020, 3:50 p.m.